Techdirt. Stories about "acs"Easily digestible tech news...https://www.techdirt.com/
en-usTechdirt. Stories about "acs"https://ii.techdirt.com/s/t/i/td-88x31.gifhttps://www.techdirt.com/Mon, 27 Jan 2014 05:31:00 PSTSecret Audit Of Baltimore's Speed Cams Says Up To 70,000 Tickets Were Issued In Error In 2012 AloneTim Cushinghttps://www.techdirt.com/articles/20140123/17345225971/secret-audit-baltimores-speed-cams-says-up-to-70000-tickets-were-issued-error-2012-alone.shtml
https://www.techdirt.com/articles/20140123/17345225971/secret-audit-baltimores-speed-cams-says-up-to-70000-tickets-were-issued-error-2012-alone.shtml
God bless the drivers of Maryland, whose government officials have been experimenting on them for years by placing their driving records and insurance rates in the hands of unreliable private contractors for years. We've already covered one major traffic camera firm (ATS - American Traffic Solutions) in the Maryland-DC area whose response to questionable photos captured by its cameras was to crop out anything that might make the ticket challengeable, like calibration lines or other vehicles.

Consultant URS Corp. evaluated the camera system as run by Xerox State and Local Solutions in 2012 and found an error rate of more than 10 percent — 40 times higher than city officials have claimed. The city got those findings last April but never disclosed the high error rate, refusing calls by members of the City Council to release the audit.

The city issued roughly 700,000 speed camera tickets at $40 each in fiscal year 2012. If 10 percent were wrong, 70,000 would have wrongly been charged $2.8 million.

Xerox's contract ended in 2012, and the city tried out a couple of new contractors after the Baltimore Sun reported that the city's cameras were producing faulty citations. Previous to the Sun's investigative work, city officials claimed the cameras had a "one-quarter of one percent error rate." Xerox performed its own audit and found 5 cameras with a 5.2% error rate, but said it took those offline upon discovery.

Neither claim matches up with the URS audit. Not only were 10% clearly erroneous, but another 26% were declared "questionable," meaning the system Xerox ran for three years was only unquestionably "right" less than two-thirds of the time.

To top this all off, members of the city government still hadn't seen this audit until the Baltimore Sun managed to secure a copy of it.

City Council members reacted with dismay and anger when told Wednesday of the audit's results, asking why the Rawlings-Blake administration didn't reveal the high error rate months ago and take steps to fully refund fines paid by motorists.

The administration has one good reason not to release the report: it doesn't want to get sued.

Despite calls from the City Council to release the audit, the administration does not plan to do so, Harris said. City Solicitor George Nilson, the administration's chief lawyer, has said releasing the audit would violate a settlement agreement with Xerox and "create obvious risks and potential exposure for the city."

In the settlement, the city agreed to pay Xerox $2.3 million for invoices from late 2012. The city also agreed to keep confidential any documents "referring or relating to, or reflecting, each party's internal considerations, discussions, analyses, and/or evaluations of issues raised during the settlement discussions."

The documents are no longer "confidential" at this point (and can be viewed here), and what's been uncovered may cause future problems for Xerox, which was selected by a city panel last year to take over Chicago's traffic cams. This happened in August of 2013, after Baltimore had already cut the contractor loose, but well before URS' report surfaced. Knowing it had buried the company's ineptitude by contractually obligating Baltimore's administration to keep its mouth shut, Xerox officials had the confidence to make the following claim when reached for comment last August:

Xerox officials have said the problems in Baltimore accounted for less than 1 percent of all the tickets issued there.

So, that's clearly untrue. Xerox kept burying itself, though, much like it thought it had buried that report.

"The majority of our camera programs are extremely well run and our customers are very satisfied," Xerox Corp. spokesman Carl Langsenkamp said. "That's really all I have to say about Baltimore."

Well, its "customers" were as satisfied as anyone can be when the truth has been contractually bound and gagged. The Chicago mayor's office defended doing business with Xerox by pointing out it had done its due diligence, noting no Baltimore official had declared Xerox barred or ineligible for city contracts. That's what NDA's do. They keep people from telling you bad things.

In even more "good" news for Chicago's drivers, the story also contains this bit of info:

Xerox Corp., best known for its onetime domination of the photocopier market, is a relative newcomer to the automated camera industry. In 2009 it purchased Affiliated Computer Services Inc. — well-known in the industry — for $6.4 billion.

"Well-known" has lots of different meanings. ACS is "well-known" for its close relationship with New Orleans cops, who formed their own company in order to cash in on ACS' traffic cam photo backlog, along the way violating NOPD ethics rules, laundering their funds through a police charity, and generally reinforcing the negative image of a corrupt New Orleans police force in many people's minds. In fairness, ACS accidentally outed the officers' unethical sideline by paying the controlling officer directly through his company, rather than obscuring the transaction through the charity.

ACS is also "well-known" for being careless with the personal info of millions of private citizens. ACS lost a data CD containing the personal info of 2.9 million Georgia residents back in 2007. Prior to that, it had a computer stolen (500k-1.4 million Colorado residents' data contained therein), suffered a website glitch that exposed 21,000 students' info, and had seven years of credit card data stolen from one of its computers at the Denver airport.

What Chicago may have watching over its drivers is a set of malfunctioning cameras overseen by a company that can't seem to stop coughing up people's personal data. Good times.

Permalink | Comments | Email This Story
]]>and-no-incentive-to-improvehttps://www.techdirt.com/comment_rss.php?sid=20140123/17345225971Mon, 18 Jun 2012 12:08:06 PDTCarreon's Full Filing Reveals He Donated To Oatmeal Campaign Himself, Plus Other Assorted NuttinessMike Masnickhttps://www.techdirt.com/articles/20120618/11235319370/carreons-full-filing-reveals-he-donated-to-oatmeal-campaign-himself-plus-other-assorted-nuttiness.shtml
https://www.techdirt.com/articles/20120618/11235319370/carreons-full-filing-reveals-he-donated-to-oatmeal-campaign-himself-plus-other-assorted-nuttiness.shtmlCharles Carreon suing Matthew Inman, IndieGoGo, the National Wildlife Federation and the American Cancer Society. At that time, all anyone had was the summary of the lawsuit as written by Courthouse News Service. Now, Carreon has posted the filing to his own website (with portions redacted) and the full version is now available via PACER. I've attached the officially filed version below. Rather than reveal new theories that we had missed in our original analysis, it would appear that our initial thoughts were dead on. This case is just begging to be anti-SLAPPed out of existence, in which case Carreon may find himself on the hook for significant legal fees.

When I was writing about the original case, I went looking through California's regulations on charities, and couldn't find anything that would impact Inman or IndieGoGo and all I came across was this law from this page on the California Attorney's General website. But I couldn't see how that specifically applied to Inman or IndieGoGo, since it seemed to be focused (a) on charities themselves or (b) on professional fundraisers (i.e., people hired to fundraise on a charity's behalf). It did not seem to apply to people who just tried to raise money which they promised to donate to a charity. However, that is the law that Carreon is relying on. Carreon seems to try to twist the definition of a "commercial fundraiser" to make it apply to Inman and IndieGoGo, but it's a pretty massive stretch. Inman isn't doing this "for compensation," so the law doesn't seem to apply to him. IndieGoGo is just the platform, but isn't doing the soliciting or directly touching the funds. The law is designed for an entirely different purpose.

And even if, somehow, a court actually believes that this law applies here, you might wonder how it's possible that Carreon has any standing to sue whatsoever. The fundraiser has nothing to do with him (it was about Funnyjunk, but remember that Carreon is suing on his own behalf, not Funnyjunk's.). Carreon appears to just be suing because he's pissed off. Except, that Carreon thinks he found a loophole. He donated to the campaign himself in order to create standing:

Plaintiff is a contributor to the Bear Love campaign, and made his contribution with the intent to benefit the purposes of the NWF and the ACS. Plaintiff is acting on his own behalf and to protect the rights of all other contributors to the Bear Love campaign to have their reasonable expectation that 100% of the money they contributed would go to a charitable purpose. Plaintiff opposes the payment of any funds collected from the Bear Love campaign to Indiegogo, on the grounds that the contract between Indiegogo and Inman is an illegal contract that violates the Act, and its enforcement may be enjoined. Plaintiff opposes the payment of any funds to Inman because he is not a registered commercial fundraiser, because he failed to enter into a written contract with the Charitable Organization defendants, because the Bear Love campaign utilized false and deceptive statements and insinuations of bestiality on the part of Plaintiff and his client’s “mother,” all of which tends to bring the Charitable Defendants and the institution of public giving into disrepute.

Yeah. Once again, Carreon contributed to Inman's campaign for what appears to be the sole reason of using that as a way to get standing to sue. I'm somewhat stunned.

Also, how can he possibly blame the charities? Well, Carreon's lawsuit fails in that it never actually states a claim against the charities. Seriously. At one point in the explanation of the lawsuit, he does state the following, but never actually includes the charities in any of the actual claims:

Although the Charitable Organization defendants have notified by Plaintiff in writing about the fact that the “Bear Love” campaign alleged infra is being conducted by Inman and Indiegogo in violation of the Act, and that the campaign is being conducted in a manner that could cause public disparagement of the Charitable Organization defendants’s good name and good will, neither the ACS or the NWF have acted to disavow their association with the Bear Love campaign, thus lending their tacit approval to the use of their names to the Bear Love campaign.

Again, just for emphasis, I'll point out that even with this paragraph, Carreon fails to name either charity with any of the actual claims in the lawsuit. He does include them in part of the claim, by stating that they "have failed to perform their statutory duty to exercise authority over the Bear Love campaign," but still fails to directly assert the claim against them. Even if he somehow figured out a way to work them into one of the claims, this particular legal theory of not disavowing "their association" with Inman's campaign leading to "tacit approval" is pretty ridiculous as well, and not something I could see standing up in court.

Meanwhile, Carreon's theory that Inman "disparages the image of charitable fundraising" again seems to stretch all kinds of definitions and understanding of the internet. Basically, he relies on the fact that Inman likes to mock people he doesn't like. But that's entirely unrelated to the issues at hand. Furthermore, despite Inman and Inman's lawyer explaining (in great detail) to Carreon, earlier, that Inman has an ASCII pterodactyl on all pages of The Oatmeal's source code, Carreon spends an inordinate amount of space talking about how awful this is.

Inman has announced his vindictive response to his real and imagined enemies by posting, within the source code of all of the webpages on his main website, www.theoatmeal.com, the following image and text, depicting himself as a pterodactyl that will “ptero-you a new asshole.” A screencapture of the core of the source-code appears as follows:

Following the link to http://pterodactyl.me leads the Internet user to a page on TheOatmeal.com where a video created by Inman and Sarah Donner depicts Inman, in his character as a carnivorous, prehistoric flying reptile that first rips the intestines out of a man's anus, then flogs him with his entrails, then steals a pineapple from a boy, tears his head off, flings it a girl and knocks here head off, then grinds up the girl’s head up in a wood-chipper, blends it with the pineapple, and drinks the grisly cocktail

The filing then shows screenshots from the video in question, which we'll just embed here for your viewing pleasure:

Carreon tries to claim that these images actually incite Inman's followers into action:

Inman’s followers are by and large with technologically savvy young people eager to follow the
latest trend, who embrace Inman’s brutal ideology of “tearing you a new asshole.”

Seriously? Carreon is literally arguing that fans of a silly comic with cartoonishly ridiculous violence leads them to "embrace" this "brutal ideology?" Carreon really ought to spend more time online. Carreon repeatedly makes incredibly weak connections between Inman's cartoons, his online persona and the later hatred directed his way, but without any actual evidence.

Later in the lawsuit, Carreon again claims that Inman's statement that Funnyjunk "stole" images is "false and misleading." Whether or not that's true, it's irrelevant here. Funnyjunk is not a plaintiff in the lawsuit. He also goes off on Inman for "fighting
words, and incitements to commit cybervandalism, none of which are entitled to constitutional
protection." Neither of those make sense. It's nearly impossible to see how Inman's cartoons, as sophomoric as they might be, qualify under the standard legal definition of "fighting words" or any kind of incitement to violence. In fact, Inman has made no references inciting his audience to do anything other than give money to charities (which most people would consider a good thing).

Moving on... we've got the trademark and publicity rights claim. As expected, Carreon is asserting that various actions violate the trademark on his name and his publicity rights. The key is that someone set up a fake Twitter account in his name and tweeted various statements that might make Carreon look silly. Of course, reading some of the tweets, it seems rather obvious that the account is fake. For example, one of them talks about "backtracing" Inman's IP -- a rather obvious reference to the famous ya dun goofed internet meme. Also, as he had suggested in an interview on Friday, Carreon makes interesting leaps of logic in suggesting that Inman himself may have set up the fake account.

Then, finally, we have the "inciting and committing cybervandalism in the nature of trespass to chattels, false personation and identity theft." Here, he claims that the fact that his email address was made public was part of that incitement, claiming that he never made it public:

As noted above, Doe1 or Inman proliferated Plaintiff’s email address via a fake tweet made by “@Charles_Carreon.com.” Plaintiff had not posted the chas@charlescarreon.com email address anywhere on the Internet except where required by law and Internet regulations. (The email address appears on legal papers in PACER filings in cases where required by the rules of this and other U.S. District Courts; however, these filings are viewable only by PACER users. The email address was also used in the Whois registration database for various websites Plaintiff has registered for his benefit, and as by the authorized registrant/agent of various legal clients.) Inman or persons incited by Inman also proliferated the email address and Plaintiff’s home address on social networking websites, again for the malicious purpose of enabling cybervandalism.

Except... court filings are not only viewable to those with a PACER account. Filings with the court, if not under seal, are considered public documents and are often available from a variety of sources, including the Internet Archive and other places as well. Separately, if he didn't use an anonymizer, the whois info that includes his email address is public info. Furthermore, his address is available elsewhere online as well, including (um...) both the websites for the State Bar of California and the State Bar of Oregon. Oh, and the email address is also clearly stated in the version of the legal filing that Carreon posted to his own website. While he redacted his email address in the header, he did not within the text of the complaint. In other words, that address was widely available to the public already.

His second claim of cybervandalism was that someone tried to reset the password on his webhosting account:

On June 13, 2012, at 9:28 p.m., either Inman or one of the persons named as Does 1 – 100 engaged in the act of trespass to chattels, cracking the password on Plaintiff’s website at http://www.charlescarreon.com and requesting to reset the password. Fortunately, the intrusion discovered instantly by Plaintiff who was sitting looking at his computer screen when he received an email from the website software system, and was able to retain control of the website by immediately changing the password using the hyperlink in the email.

First of all, merely requesting a reset password is not "cracking the password." It's requesting a new password, which the user would not be able to act upon unless they had access to Carreon's email (and there is no indication that that happened). In fact, it appears that the password reset system worked as designed, in that Carreon was warned that someone wanted to reset the password. And, actually, the fact that Carreon admits to "using the hyperlink in the email" suggests that that could have been the real hack attempt. You should never change your password using a hyperlink sent to you in an email. You should always go directly to the site yourself and login and make the change. Normally, if you receive one of those reset emails and haven't tried to reset your password, you're supposed to ignore it so that the password doesn't get reset. Clicking on the link and changing a password that way makes one susceptible to phishing attacks.

Finally, Carreon notes that some idiots online have signed his email account up for various spam emails/newsletters. If true, that's pretty stupid on whoever signed him up for those kinds of things, and people really shouldn't do that. But claiming that's "cybervandalism" or anything that can or should be pinned on Inman (again, whose target was Funnyjunk, not Carreon) seems ridiculous in the extreme.